Summary: 1
Department of Biochemistry and Molecular Biology
Information Technology Security and Acceptable Use Policy
Scope: This policy is to be applied in addition to the current Michigan State University Acceptable Use
of Computing Systems, Software, and the University Digital Network Administrative Ruling
http://www.msu.edu/au/. This policy will describe procedures and protocols for information security
and systems management, incident response, disaster recovery, and operations and security.
Procedures:
I. Information Security and Systems Management
Electronic records containing confidential and proprietary information should be stored on
centralized data servers whenever feasible. This can include databases or file servers.
Computers used to access electronic records containing confidential and proprietary
information shall be locked against unauthorized use when unattended (for example, employing
a screen saver with a password lock). The storage of confidential and proprietary information on
mobile computing devices, such as laptops or "smart" phones, is strongly discouraged. If such
data must be stored on these devices, the use of data encryption to encode the information is
strongly encouraged, to ensure its integrity in the event of theft of the physical device.
Refer to document "Securing Enterprise Data at Michigan State University"
(http://eis.msu.edu/documents/Securing_Enterprise_Data_at_MSU_w_ISO_17799_checklist_14
_Apr_07.pdf) for policies and procedures.